Cryptocurrency and artificial intelligence are two rapidly evolving technologies that have the potential to revolutionize various industries. One exciting application of AI in the crypto space is smart contract auditing and cybersecurity. By using AI, it becomes possible to identify vulnerabilities and ensure the security of smart contracts, which are the backbone of many blockchain platforms. However, despite the great promise this technology holds, there are significant challenges that need to be addressed.
Although AI has shown promise in various domains, its capabilities in auditing smart contracts are far from perfect. OpenAI’s ChatGPT, for example, has been tested by Coinbase for automated token security reviews, but it often misclassifies high-risk tokens as low-risk ones. This raises concerns about the reliability of AI when it comes to identifying cybersecurity holes.
James Edwards, the lead maintainer for cybersecurity investigator Librehash, suggests that OpenAI intentionally limits the capabilities of its bot like ChatGPT to avoid being held responsible for vulnerabilities or exploits. While AI can assist in code analysis, relying solely on AI for smart contract auditing is not recommended, as logical code bugs and potential exploits may still exist.
The Successes and Failures
Despite its limitations, AI has demonstrated some successes in smart contract auditing. Melbourne digital artist Rhett Mankind managed to create a memecoin called Turbo with the help of ChatGPT, which later reached a market cap of $100 million. However, CertiK Chief Security Officer Kang Li warns that projects developed with AI assistance may still contain design flaws that can be exploited by attackers. While AI can be a useful tool for code analysis, it is not yet suitable for solo smart contract auditing.
Richard Ma from blockchain security firm Quantstamp identifies a major challenge in training AI models for smart contract auditing. The current training data for models like GPT-4 is too general and lacks specific information about smart contracts. As a result, these models are better at hacking servers than auditing smart contracts. To address this, efforts are underway to collect years of data on smart contract exploits and hacks, enabling AI models to recognize and prevent them effectively.
To overcome the limitations of existing models, researchers like James Edwards and Illia Polushkin are working on new approaches. Edwards is developing an open-source WizardCoder AI model that incorporates the Mando Project repository of smart contract vulnerabilities and uses Microsoft’s CodeBert pretrained programming languages model. Initial testing indicates that this AI model can audit contracts with a high level of accuracy that surpasses the capabilities of GPT-4.
Polushkin highlights the importance of considering edge cases in smart contract auditing. He suggests that current AI models focus on statistically possible outcomes, while smart contract exploits often occur in rare cases that are not statistically predictable. Near, a blockchain platform, uses formal search procedures to identify these rare occurrences and improve the correctness of smart contract code. However, Polushkin believes that AI will not surpass human auditors in the next few years.
While AI is not yet as effective as human auditors in smart contract auditing, it has the potential to become a valuable tool in the field. By assisting auditors in the initial analysis and identification of vulnerabilities, AI can result in faster and more comprehensive audits. As the technology progresses and more data on smart contract exploits becomes available, AI models will improve their accuracy and effectiveness.
The potential for AI in smart contract auditing and cybersecurity is promising, but there are significant challenges that need to be addressed. While AI models like ChatGPT have shown some successes, their limitations and vulnerabilities make them unsuitable for solo smart contract auditing. Researchers and developers are working on new approaches and training data to improve the capabilities of AI models in this field. As AI progresses, it will play a valuable role in augmenting human auditors, enhancing the security of smart contracts, and advancing the adoption of blockchain technology.